Описание
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests.
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-16513
- https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34
- https://know.bishopfox.com/advisories
- https://know.bishopfox.com/advisories/connectwise-control
- https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox
- https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox
EPSS
Процентиль: 45%
0.00224
Низкий
CVE ID
Связанные уязвимости
CVSS3: 8.8
nvd
около 6 лет назад
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests.
EPSS
Процентиль: 45%
0.00224
Низкий